CUNA Provides Clarification on Target Breach Notifications

January 6, 2014

WASHINGTON (1/7/14)--Credit unions continue to ask what steps should be taken to alert members about the importance of monitoring their accounts as a result of the Target data breach.

"This is a business decision for the credit union to decide whether--and if so, how--to communicate with members," said Kathy Thompson, Credit Union National Association senior vice president for compliance Monday. "Contrary to what we've reported earlier, there is no regulatory requirements about notifying members when a breach occurs in a merchant's information systems. Section 748/Appendix B of NCUA's regulations on member notification only is triggered when there has been unauthorized access to member information directly from the credit union's system or its third-party service provider." (See resource link for past News Now story.

CUNA provided clarifying information about the requirements on a new CompBlog post on Jan. 6, explaining that it is up to the credit union to determine how it will communicate with its members.

"Certainly all members need to be reminded of the importance of thoroughly reviewing their statements regularly," Thompson wrote. CUNA has heard from credit unions that they are posting information on their websites, including information in their newsletters, or adding information to their call center response lines about what the credit union is doing to stay on top of the situation and what members need to do to monitor their accounts. Some credit unions have already decided to re-issue cards on vulnerable accounts, while others continue to closely monitor account activity for suspicious transactions.

Thompson reminds credit unions that "your insurance company and VISA and MasterCard need to know about incidents of unauthorized access to specific members' accounts so they can continue to investigate the Target breach."

Last week CUNA announced it's asking credit unions to complete a survey (see resource link) on costs they are incurring due to the Target data breach.

"We know that this is early in the process of monitoring, potentially freezing, and perhaps re-opening accounts. But we are asking credit unions to keep track of these costs and respond to our survey in coming weeks," Thompson said.

She notes that for several years CUNA has been pushing for congressional action on legislation to require merchants to reimburse financial institutions for costs incurred when breaches occur in retailers' systems. "Actual cost data will obviously be very useful in helping us to represent credit unions," Thompson noted.

Does your credit union offer domestic partner benefits?

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.